From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id mGIRA96duGH96wAAgWs5BA (envelope-from ) for ; Tue, 14 Dec 2021 14:36:30 +0100 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id MH5YOt2duGEaXAAAbx9fmQ (envelope-from ) for ; Tue, 14 Dec 2021 13:36:29 +0000 Received: from mail.notmuchmail.org (nmbug.tethera.net [144.217.243.247]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C18AD25744 for ; Tue, 14 Dec 2021 14:36:29 +0100 (CET) Received: from nmbug.tethera.net (localhost [127.0.0.1]) by mail.notmuchmail.org (Postfix) with ESMTP id 2FC232977B; Tue, 14 Dec 2021 08:36:23 -0500 (EST) X-Greylist: delayed 404 seconds by postgrey-1.36 at nmbug; Tue, 14 Dec 2021 02:20:48 EST Received: from a8-93.smtp-out.amazonses.com (a8-93.smtp-out.amazonses.com [54.240.8.93]) by mail.notmuchmail.org (Postfix) with ESMTPS id AF5BC2976B for ; Tue, 14 Dec 2021 02:20:48 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=wmllxkgiwqlr6bhgz4il3hte7xibrdv5; d=princetonprivacystudy.org; t=1639466043; h=From:To:Subject:MIME-Version:Content-Type:Message-ID:Date; bh=VbIneQrdvU5qE6eH9AG4rCxoAgN2Yd7KJvnGOGa7se8=; b=K7nFXdU/CnXIbOJUStg/G1eucrRgnmzBXojzp8wZ+NYc3Zn/PwRR9VERQQCca5GV aIk5T5cHrGpEkz4xgvPjjTu4cSFbGReo4i3BCjC6xxP1CFvBiL8kzrwlm+8ycCexd8w UbeGotjQh5a5ViQFCYbb4J2XmvcITtqjWfEsHZffccibbT1cPyKOLrIszm1NwgoBTi1 oKkh4wpBsgd0/gkASbpa/1EG2vqW2+X8BaH1kPKepFwVMGBs1oKViguHRu+00lelXw7 UaZdOsodf/b/EJlKm8b3fJkX7sz0BwhgaOSzyxlr3NjynYTRRTqx9bPIm2eimgnsDAV 9BVTcJeZhQ== DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1639466043; h=From:To:Subject:MIME-Version:Content-Type:Message-ID:Date:Feedback-ID; bh=VbIneQrdvU5qE6eH9AG4rCxoAgN2Yd7KJvnGOGa7se8=; b=Imw8OkbvJ3kra30xiF1kCxEy+1SSsuO5vt0y86rtwC+2nyleI/4cWO+2Ix47Qucb Wdra0L8rzWwUhObDRFQfUq0KsTxQ97Ww64CS8t0LBRw3qqkpskvKjW5Btn/Smtp21xh zvLYE5SEEUmsWInpdevj5PTVyklwBcRRr7oHeCgM= From: Privacy Practices To: notmuch@notmuchmail.org Subject: Questions About notmuchmail.org Privacy Practices for Princeton University Research MIME-Version: 1.0 Message-ID: <0100017db7ca880d-c6bbc7ff-ba72-483a-aa87-06890d239067-000000@email.amazonses.com> Date: Tue, 14 Dec 2021 07:14:03 +0000 Feedback-ID: 1.us-east-1.K9cRMHg54/IJThzBL+5EaZV+AM/KgxickEC+DV9JrC0=:AmazonSES X-SES-Outgoing: 2021.12.14-54.240.8.93 X-MailFrom: 0100017db7ca880d-c6bbc7ff-ba72-483a-aa87-06890d239067-000000@mail.princetonprivacystudy.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-notmuch.notmuchmail.org-0 Message-ID-Hash: 7R6OL36WXJTUQHUH3QEJTHAR5A6KZFUB X-Message-ID-Hash: 7R6OL36WXJTUQHUH3QEJTHAR5A6KZFUB X-Mailman-Approved-At: Tue, 14 Dec 2021 08:36:21 -0500 X-Mailman-Version: 3.3.3 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: multipart/mixed; boundary="===============0959419249659364415==" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1639488989; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type:list-id: list-help:list-owner:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=6FqQVVEXTo5dCf5xUZnFGk9uvS56BiX7UGukhl6AZ58=; b=rKi9CjsUyG+efHYLMNg7pqDFYDeEtnY3LNjyhgI8XoIlhDyvUYSb/hpfTRWcWuhXYuYT5U iuNKvMsvhiUVuvnd6CDqTft2QQFDCfU+WEFvrFoesqk8kMy+uQsb0sAN3canugSHoMLW7T Gp+7c3J81vG6nuzr3XFq5XI0LQEFKS9LP0aUAKjNVGqmGcVpNBQJYyAj9PmXhYaIoNUDhZ I6PHgKspI+zGVu5FRRuq+rHlRelHsaKrX7ivO+Oo+fpAdeR1CTUrLPCFCj6Fl+n4BaasY2 IttKedVt4vQVy/9+XmS/TredZ5cuhGrQUgoQPhCqZRPVridZUKOtsksQwlv8Iw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1639488989; a=rsa-sha256; cv=none; b=PjTUNKIxiAnPlUN1wuKbYsYXo59/h7v30OV2oLxOlOCYdndqxTTsmgLo5wuCJRmYL6LrvE mx9Frdp8FWN11EA2Owv8GpfqbV5j0/himAx8aUBco2bZg7jdkT4WgNXgtmVRnlM9RHL7Od a2NcwI/cJchKX8SUIheJmyT1fmBvZfm98SMVdm8eayiTvVyAbJ4BijkiRNhhFvlSBDkYIG oa6fXU8AXJ1VLvFVIMmnSeHOdiCswUQ97PeJ9LNBBF8XxQgxKuE00XxBXBEqDx7YKWjEIB N2xuK3dtlS1feEnN7NcJWDN7FqBEyX9FdT6+BPehwbUvNDB7JnYRw52giJe5Ew== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=princetonprivacystudy.org header.s=wmllxkgiwqlr6bhgz4il3hte7xibrdv5 header.b="K7nFXdU/"; dkim=fail ("body hash did not verify") header.d=amazonses.com header.s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug header.b=Imw8Okbv; dmarc=fail reason="SPF not aligned (relaxed)" header.from=princetonprivacystudy.org (policy=quarantine); spf=pass (aspmx1.migadu.com: domain of notmuch-bounces@notmuchmail.org designates 144.217.243.247 as permitted sender) smtp.mailfrom=notmuch-bounces@notmuchmail.org X-Migadu-Spam-Score: 6.00 X-Spam: Yes Authentication-Results: aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=princetonprivacystudy.org header.s=wmllxkgiwqlr6bhgz4il3hte7xibrdv5 header.b="K7nFXdU/"; dkim=fail ("body hash did not verify") header.d=amazonses.com header.s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug header.b=Imw8Okbv; dmarc=fail reason="SPF not aligned (relaxed)" header.from=princetonprivacystudy.org (policy=quarantine); spf=pass (aspmx1.migadu.com: domain of notmuch-bounces@notmuchmail.org designates 144.217.243.247 as permitted sender) smtp.mailfrom=notmuch-bounces@notmuchmail.org X-Migadu-Queue-Id: C18AD25744 X-Spam-Score: 6.00 X-Migadu-Spam: Yes X-Migadu-Scanner: scn1.migadu.com X-TUID: BWWnIeRXii9O --===============0959419249659364415== Content-Type: multipart/alternative; boundary="----=_Part_276834_674585491.1639466043407" ------=_Part_276834_674585491.1639466043407 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit To Whom It May Concern, We are researchers at Princeton University conducting a study of how websites are implementing the EU and UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We are reaching out to you because this email address is provided as a contact on the website notmuchmail.org. Your website may be required to implement one or both of GDPR and CCPA, and we would appreciate if you would answer a few brief questions about your privacy practices. 1) Does notmuchmail.org implement GDPR or CCPA? If not, could you please explain why? If you are uncertain about whether notmuchmail.org is required to implement these laws or answer questions like ours, we have included informative resources at the end of this email. 2) If you implement GDPR or CCPA, do you process data access requests from individuals who are not residents of the EU or UK (for GDPR) or who are not residents of California (for CCPA)? 3) If you implement GDPR or CCPA, do you process data access requests via email, a website, or telephone? If via a website, what is the URL? 4) If you implement GDPR or CCPA, what personal information must a user submit for you to verify and process a data access request? 5) If you implement GDPR or CCPA, what personal information do you provide in response to a data access request? Thank you in advance for your answers to these questions. If there is a better contact for questions about privacy practices on notmuchmail.org, I kindly ask that you forward my request to them. Sincerely, Ross Teixeira \---------- We offer these resources about GDPR and CCPA for your convenience. Please note that we cannot provide legal advice about whether notmuchmail.org is required to implement these laws or respond to our questions like ours about GDPR and CCPA practices. * Article 3 of the GDPR, which specifies coverage: [https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from;=EN#d1e1455-1-1](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1455-1-1) * European Data Protection Board guidance on GDPR coverage: * California Attorney General guidance on CCPA coverage: * Section 1798.140 of the California Civil Code, which specifies the businesses that CCPA covers: [https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.140.&nodeTreePath;=8.4.45&lawCode;=CIV](https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.140.&nodeTreePath=8.4.45&lawCode=CIV) ------=_Part_276834_674585491.1639466043407 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

To Whom It May Concern,

We are researchers at Princeton University conducting a study of how websites are implementing the EU and UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We are reaching out to you because this email address is provided as a contact on the website notmuchmail.org.

Your website may be required to implement one or both of GDPR and CCPA, and we would appreciate if you would answer a few brief questions about your privacy practices.

1) Does notmuchmail.org implement GDPR or CCPA? If not, could you please explain why? If you are uncertain about whether notmuchmail.org is required to implement these laws or answer questions like ours, we have included informative resources at the end of this email.

2) If you implement GDPR or CCPA, do you process data access requests from individuals who are not residents of the EU or UK (for GDPR) or who are not residents of California (for CCPA)?

3) If you implement GDPR or CCPA, do you process data access requests via email, a website, or telephone? If via a website, what is the URL?

4) If you implement GDPR or CCPA, what personal information must a user submit for you to verify and process a data access request?

5) If you implement GDPR or CCPA, what personal information do you provide in response to a data access request?

Thank you in advance for your answers to these questions. If there is a better contact for questions about privacy practices on notmuchmail.org, I kindly ask that you forward my request to them.

Sincerely,
Ross Teixeira

----------

We offer these resources about GDPR and CCPA for your convenience. Please note that we cannot provide legal advice about whether notmuchmail.org is required to implement these laws or respond to our questions like ours about GDPR and CCPA practices.

* Article 3 of the GDPR, which specifies coverage: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1455-1-1

* European Data Protection Board guidance on GDPR coverage: https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-32018-territorial-scope-gdpr-article-3-version_en

* California Attorney General guidance on CCPA coverage: https://oag.ca.gov/privacy/ccpa#sectiona

* Section 1798.140 of the California Civil Code, which specifies the businesses that CCPA covers: https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.140.&nodeTreePath=8.4.45&lawCode=CIV

------=_Part_276834_674585491.1639466043407-- --===============0959419249659364415== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline --===============0959419249659364415==--